Previous
Next
Previous |
Next |
This function escapes a text to be used in JavaScript. This function makes the following replacements:
Table of Replacement Values
| Replacement | After replacement |
|---|---|
|
\ |
\\ |
|
/ |
\/ |
|
" |
\u0022 |
|
' |
\u0027 |
|
tab |
\t |
|
chr(10) |
\n |
|
Note: This function does not escape HTML tags. It only prevents HTML tags from breaking the JavaScript object attribute assignment. To prevent XSS (cross site scripting) attacks, you must also callSYS.HTF.ESCAPE_SC to prevent embedded JavaScript code from being executed when you inject the string into the HTML page. |
Syntax
APEX_JAVASCRIPT.ESCAPE (
p_text IN VARCHAR2)
RETURN VARCHAR2;
Parameters
Table: ESCAPE Parameters describes the parameters available in the ESCAPE function.
Example
Adds some JavaScript code to the onload buffer. The value of p_item.attribute_01 is first escaped with htf.escape_sc to prevent XSS attacks and then escaped with apex_javascript.escape to prevent that special characters like a quote break the JavaScript code.
apex_javascript.add_onload_code (
'var lTest = "'||apex_javascript.escape(sys.htf.escape_sc(p_item.attribute_01))||'";'||chr(10)||
'showMessage(lTest);' );
| Copyright © 2003, 2010, Oracle and/or its affiliates. All rights reserved. Legal Notices |
Previous |
Next |